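/*
 * Copyright (c) 1995-1998 by Cisco systems, Inc.
 * Copyright 2002,2003 Christopher SEKIYA
 * Portions copyright 1997-2000 by Pawel Krawczyk
 *
 * Permission to use, copy, modify, and distribute this software for any purpose
 * and without fee is hereby granted, provided that this copyright and
 * permission notice appear on all copies of the software and supporting
 * documentation, the name of Cisco Systems, Inc. not be used in advertising
 * or publicity pertaining to distribution of the program without specific
 * prior permission, and notice be given in supporting documentation that
 * modification, copying and distribution is by permission of Cisco Systems,
 * Inc.
 *
 * Cisco Systems, Inc. makes no representations about the suitability of this
 * software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE.
 */

/*
 * TACACS+ wire-format constants and the fixed leading fields of each packet.
 *
 * The structs below are plain, unpacked C structs, so sizeof() may include
 * padding that is not on the wire: struct authen_cont and struct acct_reply
 * are 5 bytes on the wire (see their *_FIXED_FIELDS_SIZE constants) but are
 * typically padded to 6 bytes in memory.  Always use the *_FIXED_FIELDS_SIZE
 * constants, never sizeof, when computing wire offsets and lengths.  The
 * multi-byte fields are presumably carried in network byte order -- convert
 * with ntohs()/ntohl() when reading and htons()/htonl() when writing.
 *
 * Every length field in these structs arrives from the network.  A reader
 * must check that the sum of the variable-length parts fits inside the
 * datalength announced in the header before dereferencing past the fixed
 * fields.
 */

/*
 * NOTE(review): an identifier starting with an underscore and an uppercase
 * letter is reserved for the implementation; the guard name is kept as-is
 * because existing includers may test it.
 */
#if !defined( _TACPLUS_H)
#define _TACPLUS_H

/*
 * The header name was lost in extraction; the u_int8_t / u_int16_t /
 * u_int32_t / u_short names used below are the BSD types from <sys/types.h>.
 */
#include <sys/types.h>

/*
 * One attribute of an authorization/accounting exchange.  attr points at the
 * attribute text (presumably a single AVP as carried on the wire); attr_len
 * is its length and, being 8 bits wide, caps one attribute at 255 bytes.
 * next chains further attributes.
 */
struct tac_attrib {
    char *attr;
    u_int8_t attr_len;
    struct tac_attrib *next;
};

/*
 * Reply handed back to the library's caller: the attribute list, the server's
 * message text and a status code (presumably one of the *_STATUS_* values
 * defined below for the packet type in question).
 */
struct areply {
    struct tac_attrib *attr;
    char *msg;
    int status;
};

#if !defined(TAC_PLUS_MAXSERVERS)
#define TAC_PLUS_MAXSERVERS 4
#endif

#if !defined(TAC_PLUS_PORT)
#define TAC_PLUS_PORT 49
#endif

#define TAC_PLUS_READ_TIMEOUT  180 /* seconds */
#define TAC_PLUS_WRITE_TIMEOUT 180 /* seconds */

/* All tacacs+ packets have the same header format */

#define TAC_PLUS_MAJOR_VER_MASK 0xf0
#define TAC_PLUS_MAJOR_VER      0xc0
#define TAC_PLUS_MINOR_VER_0    0x0
#define TAC_PLUS_VER_0          (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_0)
#define TAC_PLUS_MINOR_VER_1    0x01
#define TAC_PLUS_VER_1          (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_1)

/* tacacs_header.type */
#define TAC_PLUS_AUTHEN 1
#define TAC_PLUS_AUTHOR 2
#define TAC_PLUS_ACCT   3

/*
 * tacacs_header.encryption.  "Encrypted" in TACACS+ means the body is XORed
 * with an MD5-derived pseudo-pad keyed by the shared secret; it is an
 * obfuscation, not a modern confidentiality primitive, so the transport
 * itself still needs protecting.  Whether a TAC_PLUS_CLEAR packet is
 * accepted should be an explicit configuration decision on the receiving
 * side rather than the default.
 */
#define TAC_PLUS_ENCRYPTED 0x0 /* packet is encrypted */
#define TAC_PLUS_CLEAR     0x1 /* packet is not encrypted */

/* The fixed 12-byte header that precedes every packet body. */
struct tacacs_header {
    u_int8_t version;
    u_int8_t type;
    u_int8_t seq_no;      /* packet sequence number */
    u_int8_t encryption;  /* packet is encrypted or cleartext */
    u_int32_t session_id; /* session identifier.  It is needed: together with
                           * the shared key, version and seq_no it seeds the
                           * per-packet obfuscation pad, so it should be chosen
                           * randomly and stay fixed for the whole session. */
    u_int32_t datalength; /* length of encrypted data following this header.
                           * Untrusted: bound it against a sane maximum before
                           * allocating or reading that many bytes. */
};

#define TAC_PLUS_HDR_SIZE 12

/* Authentication packet NAS sends to us */

/* authen_start.action */
#define TAC_PLUS_AUTHEN_LOGIN    0x1
#define TAC_PLUS_AUTHEN_CHPASS   0x2
#define TAC_PLUS_AUTHEN_SENDPASS 0x3 /* deprecated */
#define TAC_PLUS_AUTHEN_SENDAUTH 0x4

/* authen_start.priv_lvl range */
#define TAC_PLUS_PRIV_LVL_MIN 0x0
#define TAC_PLUS_PRIV_LVL_MAX 0xf

/* authen_start.authen_type */
#define TAC_PLUS_AUTHEN_TYPE_ASCII 1
#define TAC_PLUS_AUTHEN_TYPE_PAP   2
#define TAC_PLUS_AUTHEN_TYPE_CHAP  3
#define TAC_PLUS_AUTHEN_TYPE_ARAP  4

/* authen_start.service */
#define TAC_PLUS_AUTHEN_SVC_LOGIN  1
#define TAC_PLUS_AUTHEN_SVC_ENABLE 2
#define TAC_PLUS_AUTHEN_SVC_PPP    3
#define TAC_PLUS_AUTHEN_SVC_ARAP   4
#define TAC_PLUS_AUTHEN_SVC_PT     5
#define TAC_PLUS_AUTHEN_SVC_RCMD   6
#define TAC_PLUS_AUTHEN_SVC_X25    7
#define TAC_PLUS_AUTHEN_SVC_NASI   8

/*
 * Fixed fields of an authentication START body.  The user, port, rem_addr
 * and data bytes (presumably in that order) follow these eight bytes, each
 * sized by the matching *_len field.
 */
struct authen_start {
    u_int8_t action;
    u_int8_t priv_lvl;
    u_int8_t authen_type;
    u_int8_t service;
    u_int8_t user_len;     /* length of the user bytes that follow */
    u_int8_t port_len;     /* length of the port bytes */
    u_int8_t rem_addr_len; /* length of the rem_addr bytes */
    u_int8_t data_len;     /* length of the data bytes */
};

#define TAC_AUTHEN_START_FIXED_FIELDS_SIZE 8

/* Authentication continue packet NAS sends to us */

/* authen_cont.flags */
#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x1

/*
 * Fixed fields of an authentication CONTINUE body.  user_msg and user_data
 * bytes follow.  5 bytes on the wire; sizeof() is usually 6 because of
 * padding after the trailing u_int8_t.
 */
struct authen_cont {
    u_int16_t user_msg_len;  /* length of the user_msg bytes that follow */
    u_int16_t user_data_len; /* length of the user_data bytes */
    u_int8_t flags;
};

#define TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE 5

/* Authentication reply packet we send to NAS */

/* authen_reply.status */
#define TAC_PLUS_AUTHEN_STATUS_PASS    1
#define TAC_PLUS_AUTHEN_STATUS_FAIL    2
#define TAC_PLUS_AUTHEN_STATUS_GETDATA 3
#define TAC_PLUS_AUTHEN_STATUS_GETUSER 4
#define TAC_PLUS_AUTHEN_STATUS_GETPASS 5
#define TAC_PLUS_AUTHEN_STATUS_RESTART 6
#define TAC_PLUS_AUTHEN_STATUS_ERROR   7
#define TAC_PLUS_AUTHEN_STATUS_FOLLOW  0x21

/* authen_reply.flags */
#define TAC_PLUS_AUTHEN_FLAG_NOECHO 0x1

/* Fixed fields of an authentication REPLY body; msg and data bytes follow. */
struct authen_reply {
    u_int8_t status;
    u_int8_t flags;
    u_int16_t msg_len;  /* length of the server message bytes that follow */
    u_int16_t data_len; /* length of the data bytes */
};

#define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6

/* authen_method values used by acct and author requests */
#define AUTHEN_METH_NONE       0x01
#define AUTHEN_METH_KRB5       0x02
#define AUTHEN_METH_LINE       0x03
#define AUTHEN_METH_ENABLE     0x04
#define AUTHEN_METH_LOCAL      0x05
#define AUTHEN_METH_TACACSPLUS 0x06
#define AUTHEN_METH_RCMD       0x20

/*
 * Fixed fields of an accounting REQUEST body.  After these nine bytes come
 * one u_int8_t size per argument (arg_cnt of them), then the user, port and
 * rem_addr bytes, then the argument data itself.
 */
struct acct {
    u_int8_t flags;
#define TAC_PLUS_ACCT_FLAG_MORE     0x1
#define TAC_PLUS_ACCT_FLAG_START    0x2
#define TAC_PLUS_ACCT_FLAG_STOP     0x4
#define TAC_PLUS_ACCT_FLAG_WATCHDOG 0x8
    u_int8_t authen_method;
    u_int8_t priv_lvl;
    u_int8_t authen_type;
    u_int8_t authen_service;
    u_int8_t user_len;
    u_int8_t port_len;
    u_int8_t rem_addr_len;
    u_int8_t arg_cnt; /* the number of cmd args */
    /* one u_int8_t containing size for each arg */
    /* user, port and rem_addr bytes */
    /* char data for args 1 ... n */
};

#define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9

/*
 * Fixed fields of an accounting REPLY body; msg and data bytes follow.
 * 5 bytes on the wire; sizeof() is usually 6 because of trailing padding.
 */
struct acct_reply {
    u_short msg_len;
    u_short data_len;
    u_int8_t status;
#define TAC_PLUS_ACCT_STATUS_SUCCESS 0x1
#define TAC_PLUS_ACCT_STATUS_ERROR   0x2
#define TAC_PLUS_ACCT_STATUS_FOLLOW  0x21
};

#define TAC_ACCT_REPLY_FIXED_FIELDS_SIZE 5

/* An authorization request packet */

/*
 * Fixed fields of an authorization REQUEST body.  As with struct acct, one
 * u_int8_t size per argument, the user, port and rem_addr bytes, and the
 * argument data follow these eight bytes.
 */
struct author {
    u_int8_t authen_method;
    u_int8_t priv_lvl;
    u_int8_t authen_type;
    u_int8_t service;
    u_int8_t user_len;
    u_int8_t port_len;
    u_int8_t rem_addr_len;
    u_int8_t arg_cnt; /* the number of args */
    /* one u_int8_t containing size for each arg */
    /* user, port and rem_addr bytes */
    /* char data for args 1 ... n */
};

#define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8

/* An authorization reply packet */

/*
 * Fixed fields of an authorization REPLY body.  One u_int8_t size per
 * argument, the server message, the data bytes and the argument data
 * follow these six bytes.  A PASS_REPL status means the server's argument
 * list replaces the client's, so the attributes it carries are the ones
 * that must be validated before being applied.
 */
struct author_reply {
    u_int8_t status;
    u_int8_t arg_cnt;
    u_short msg_len;
    u_short data_len;
#define AUTHOR_STATUS_PASS_ADD  0x01
#define AUTHOR_STATUS_PASS_REPL 0x02
#define AUTHOR_STATUS_FAIL      0x10
#define AUTHOR_STATUS_ERROR     0x11
#define AUTHOR_STATUS_FOLLOW    0x21
    /* one u_int8_t containing size for each arg */
    /* server message bytes, then data bytes */
    /* char data for args 1 ... n */
};

#define TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE 6

#endif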